OWASP & WASC AppSec 2007 Training Courses - Nov 12th-13th 2007

The tutorials and the conference itself was held at eBay in San Jose.

T1. Building and Testing Secure Web Applications

This powerful two-day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how easily application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities into their code. Read more here!

T2. Secure Coding for Java EE

This Java focused course covers the most common Java EE web application security problems, including the OWASP Top Ten. It teaches Java EE best practices, so developers can really understand how to avoid introducing such vulnerabilities into their Java EE applications. This course includes hands on coding exercises that allows the students to fix real flaws in a Java EE application using the best practices recommended in class!! Read more here!

T3. Secure Coding .NET Web Applications

This .NET focused course covers the most common .NET web application security problems, including the OWASP Top Ten. It teaches .NET best practices, so developers can really understand how to avoid introducing such vulnerabilities into their .NET web applications. This course includes hands on coding exercises that allows the students to fix real flaws in a .NET application using the best practices recommended in class!! Read more here!

T4. Web Services and XML Security

Many enterprises are currently developing new Web Services and/or adding and acquiring Web Services functionality into existing applications -- now is the time to build security into the system! Read more here!

T5. Leveraging OWASP Tools and Documents to Secure Your Enterprise

Apart from OWASP's Top 10, most OWASP projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of these Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Lifecycle (WADL). This course aims to change that by providing detailed presentations of the most mature and enterprise ready OWASP projects together with practical examples of how to use them. Read more here!

T6. Open Source ModSecurity Training

ModSecurity is currently the most widely deployed web application firewall (WAF) product. This two-day class is for those people who want to learn how to build, deploy, and use ModSecurity in the most effective manner. The course will cover the open source ModSecurity Console, which helps manage alerts on suspicious web activity targeting your web servers. The course also provides an in-depth look at the extremely powerful ModSecurity Rules Language. Read more here!

November 12th - Cenzic is sponsoring a cocktail party at the eBay facility after the first day of training.

Tech Expo - Nov 13th-14th

Product vendors demonstrated their application security products to conference attendees for the first time at this OWASP Conference. The focus of this expo was on the technical details of the technologies they are offering in the market to help organizations deal with their application security issues.

The technology expo was held:

November 13th: From 12-2, with lunch included for all the OWASP tutorial attendees who will be invited to attend the expo.

November 14th: From 11-6 during the first day of the OWASP conference.

Breach Cocktail Party - Nov 13

To close out the training event and the first day of the tech expo, Breach kindly agreed to arrange a cocktail party on Tuesday evening. They sponsored a similar event at Black Hat for a joint OWASP / WASC get together and it was a roaring success with over 300 attendees. These have always been great events at previous conferences. For more details and RSVP go to: http://www.breach.com/breach_security_party_owaspwasc_san_jose.html